from rest_framework import permissions

class UserPermission(permissions.BasePermission):
    """ 用户访问权限控制"""
    def has_object_permission(self, request, view, obj):
        if request.user.is_superuser:
            return True
        # 如果你要操作的对象obj是该请求的对象request.user,则返回True
        return obj == request.user

